Diffstat (limited to 'src/microhttpd/connection_https.c')
-rw-r--r--src/microhttpd/connection_https.c127
1 files changed, 64 insertions, 63 deletions
diff --git a/src/microhttpd/connection_https.c b/src/microhttpd/connection_https.c
index 8202329b..108e1fc6 100644
--- a/src/microhttpd/connection_https.c
+++ b/src/microhttpd/connection_https.c
@@ -59,22 +59,22 @@ recv_tls_adapter (struct MHD_Connection *connection,
59 i); 59 i);
60 if ( (GNUTLS_E_AGAIN == res) || 60 if ( (GNUTLS_E_AGAIN == res) ||
61 (GNUTLS_E_INTERRUPTED == res) ) 61 (GNUTLS_E_INTERRUPTED == res) )
62 { 62 {
63#ifdef EPOLL_SUPPORT 63#ifdef EPOLL_SUPPORT
64 if (GNUTLS_E_AGAIN == res) 64 if (GNUTLS_E_AGAIN == res)
65 connection->epoll_state &= ~MHD_EPOLL_STATE_READ_READY; 65 connection->epoll_state &= ~MHD_EPOLL_STATE_READ_READY;
66#endif 66#endif
67 /* Any network errors means that buffer is empty. */ 67 /* Any network errors means that buffer is empty. */
68 connection->tls_read_ready = false; 68 connection->tls_read_ready = false;
69 return MHD_ERR_AGAIN_; 69 return MHD_ERR_AGAIN_;
70 } 70 }
71 if (res < 0) 71 if (res < 0)
72 { 72 {
73 /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication 73 /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication
74 disrupted); interpret as a hard error */ 74 disrupted); interpret as a hard error */
75 connection->tls_read_ready = false; 75 connection->tls_read_ready = false;
76 return MHD_ERR_NOTCONN_; 76 return MHD_ERR_NOTCONN_;
77 } 77 }
78 78
79#ifdef EPOLL_SUPPORT 79#ifdef EPOLL_SUPPORT
80 /* Unlike non-TLS connections, do not reset "read-ready" if 80 /* Unlike non-TLS connections, do not reset "read-ready" if
@@ -83,8 +83,9 @@ recv_tls_adapter (struct MHD_Connection *connection,
83#endif /* EPOLL_SUPPORT */ 83#endif /* EPOLL_SUPPORT */
84 84
85 /* Check whether TLS buffers still have some unread data. */ 85 /* Check whether TLS buffers still have some unread data. */
86 connection->tls_read_ready = ( ((size_t)res == i) && 86 connection->tls_read_ready = ( ((size_t) res == i) &&
87 (0 != gnutls_record_check_pending (connection->tls_session)) ); 87 (0 != gnutls_record_check_pending (
88 connection->tls_session)) );
88 return res; 89 return res;
89} 90}
90 91
@@ -113,19 +114,19 @@ send_tls_adapter (struct MHD_Connection *connection,
113 i); 114 i);
114 if ( (GNUTLS_E_AGAIN == res) || 115 if ( (GNUTLS_E_AGAIN == res) ||
115 (GNUTLS_E_INTERRUPTED == res) ) 116 (GNUTLS_E_INTERRUPTED == res) )
116 { 117 {
117#ifdef EPOLL_SUPPORT 118#ifdef EPOLL_SUPPORT
118 if (GNUTLS_E_AGAIN == res) 119 if (GNUTLS_E_AGAIN == res)
119 connection->epoll_state &= ~MHD_EPOLL_STATE_WRITE_READY; 120 connection->epoll_state &= ~MHD_EPOLL_STATE_WRITE_READY;
120#endif 121#endif
121 return MHD_ERR_AGAIN_; 122 return MHD_ERR_AGAIN_;
122 } 123 }
123 if (res < 0) 124 if (res < 0)
124 { 125 {
125 /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication 126 /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication
126 disrupted); interpret as a hard error */ 127 disrupted); interpret as a hard error */
127 return MHD_ERR_NOTCONN_; 128 return MHD_ERR_NOTCONN_;
128 } 129 }
129#ifdef EPOLL_SUPPORT 130#ifdef EPOLL_SUPPORT
130 /* Unlike non-TLS connections, do not reset "write-ready" if 131 /* Unlike non-TLS connections, do not reset "write-ready" if
131 * sent amount smaller than provided amount, as TLS 132 * sent amount smaller than provided amount, as TLS
@@ -151,32 +152,32 @@ MHD_run_tls_handshake_ (struct MHD_Connection *connection)
151 152
152 if ((MHD_TLS_CONN_INIT == connection->tls_state) || 153 if ((MHD_TLS_CONN_INIT == connection->tls_state) ||
153 (MHD_TLS_CONN_HANDSHAKING == connection->tls_state)) 154 (MHD_TLS_CONN_HANDSHAKING == connection->tls_state))
155 {
156 ret = gnutls_handshake (connection->tls_session);
157 if (ret == GNUTLS_E_SUCCESS)
154 { 158 {
155 ret = gnutls_handshake (connection->tls_session); 159 /* set connection TLS state to enable HTTP processing */
156 if (ret == GNUTLS_E_SUCCESS) 160 connection->tls_state = MHD_TLS_CONN_CONNECTED;
157 { 161 MHD_update_last_activity_ (connection);
158 /* set connection TLS state to enable HTTP processing */ 162 return true;
159 connection->tls_state = MHD_TLS_CONN_CONNECTED; 163 }
160 MHD_update_last_activity_ (connection); 164 if ( (GNUTLS_E_AGAIN == ret) ||
161 return true; 165 (GNUTLS_E_INTERRUPTED == ret) )
162 } 166 {
163 if ( (GNUTLS_E_AGAIN == ret) || 167 connection->tls_state = MHD_TLS_CONN_HANDSHAKING;
164 (GNUTLS_E_INTERRUPTED == ret) ) 168 /* handshake not done */
165 {
166 connection->tls_state = MHD_TLS_CONN_HANDSHAKING;
167 /* handshake not done */
168 return false;
169 }
170 /* handshake failed */
171 connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
172#ifdef HAVE_MESSAGES
173 MHD_DLOG (connection->daemon,
174 _("Error: received handshake message out of context\n"));
175#endif
176 MHD_connection_close_ (connection,
177 MHD_REQUEST_TERMINATED_WITH_ERROR);
178 return false; 169 return false;
179 } 170 }
171 /* handshake failed */
172 connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
173#ifdef HAVE_MESSAGES
174 MHD_DLOG (connection->daemon,
175 _ ("Error: received handshake message out of context\n"));
176#endif
177 MHD_connection_close_ (connection,
178 MHD_REQUEST_TERMINATED_WITH_ERROR);
179 return false;
180 }
180 return true; 181 return true;
181} 182}
182 183
@@ -205,23 +206,23 @@ bool
205MHD_tls_connection_shutdown (struct MHD_Connection *connection) 206MHD_tls_connection_shutdown (struct MHD_Connection *connection)
206{ 207{
207 if (MHD_TLS_CONN_WR_CLOSED > connection->tls_state) 208 if (MHD_TLS_CONN_WR_CLOSED > connection->tls_state)
209 {
210 const int res =
211 gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
212 if (GNUTLS_E_SUCCESS == res)
213 {
214 connection->tls_state = MHD_TLS_CONN_WR_CLOSED;
215 return true;
216 }
217 if ((GNUTLS_E_AGAIN == res) ||
218 (GNUTLS_E_INTERRUPTED == res))
208 { 219 {
209 const int res = 220 connection->tls_state = MHD_TLS_CONN_WR_CLOSING;
210 gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); 221 return true;
211 if (GNUTLS_E_SUCCESS == res)
212 {
213 connection->tls_state = MHD_TLS_CONN_WR_CLOSED;
214 return true;
215 }
216 if ((GNUTLS_E_AGAIN == res) ||
217 (GNUTLS_E_INTERRUPTED == res))
218 {
219 connection->tls_state = MHD_TLS_CONN_WR_CLOSING;
220 return true;
221 }
222 else
223 connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
224 } 222 }
223 else
224 connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
225 }
225 return false; 226 return false;
226} 227}
227 228